| project_description =LAPSE stands for a <u>L</u>ightweight <u>A</u>nalysis for <u>P</u>rogram <u>S</u>ecurity in <u>E</u>clipse. LAPSE is designed to help with the task of auditing <b>Java EE Applications</b> for common types of security vulnerabilities found in Web Applications. LAPSE was developed by [http://suif.stanford.edu/~livshits/ Benjamin Livshits] as part of the [http://suif.stanford.edu/~livshits/work/griffin/ Griffin Software Security Project]. The project's second push is being led by Pablo Martín Pérez, [http://www.evalues.es/index.php/en.html Evalues Lab] ICT Security Researcher, developing LAPSE+, an enhanced version of LAPSE.

−

| project_description = LAPSE stands for a <u>L</u>ightweight <u>A</u>nalysis for <u>P</u>rogram <u>S</u>ecurity in <u>E</u>clipse. LAPSE is designed to help with the task of auditing <b>Java EE Applications</b> for common types of security vulnerabilities found in Web Applications. LAPSE was developed by [http://suif.stanford.edu/~livshits/ Benjamin Livshits] as part of the [http://suif.stanford.edu/~livshits/work/griffin/ Griffin Software Security Project]. The project's second push is being led by Pablo Martín Pérez, [http://www.evalues.es/index.php/en.html Evalues Lab] ICT Security Researcher, developing LAPSE+, an enhanced version of LAPSE.

Latest revision as of 22:52, 16 February 2014

Purpose: LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java EE Applications for common types of security vulnerabilities found in Web Applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. The project's second push is being led by Pablo Martín Pérez, Evalues Lab ICT Security Researcher, developing LAPSE+, an enhanced version of LAPSE.

Release description: LAPSE+ is a security scanner for detecting vulnerabilities of untrusted data injection in Java EE Applications. It has been developed as a plugin for Eclipse Java Development Environment, working specifically with Eclipse Helios and Java 1.6 or higher. LAPSE+ is based on the GPL software LAPSE, developed by the SUIF Compiler Group of Stanford University. This new release of the plugin developed by Evalues Lab of Universidad Carlos III de Madrid provides more features to analyze the propagation of the malicious data through the application and includes the identification of new vulnerabilities.